GHSA-26rr-v2j2-25fh

Source

https://github.com/advisories/GHSA-26rr-v2j2-25fh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-26rr-v2j2-25fh/GHSA-26rr-v2j2-25fh.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-26rr-v2j2-25fh

Aliases

CVE-2021-32758

Published

2021-08-30T17:20:52Z

Modified

2024-12-02T05:27:09.018307Z

Summary

Layout XML Arbitrary Code Fix

Details

Impact

Layout XML enabled admin users to execute arbitrary commands via block methods.

Database specific

{
    "nvd_published_at": "2021-08-27T18:15:00Z",
    "cwe_ids": [
        "CWE-91"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-30T16:42:41Z"
}

References

Affected packages

Packagist / openmage/magento-lts

Package

Name: openmage/magento-lts
Purl: pkg:composer/openmage/magento-lts

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

19.4.15

Affected versions

1.*

1.9.1.1

1.9.2.0

1.9.2.1

1.9.2.2

1.9.2.3

1.9.2.4

1.9.3.0

1.9.3.1

v19.*

v19.4.0

v19.4.1

v19.4.2

v19.4.3

v19.4.4

v19.4.5

v19.4.6

v19.4.7

v19.4.8

v19.4.9

v19.4.10

v19.4.11

v19.4.12

v19.4.13

v19.4.14

Packagist / openmage/magento-lts

Package

Name: openmage/magento-lts
Purl: pkg:composer/openmage/magento-lts

Affected ranges

Type: ECOSYSTEM
Events: Introduced

20.0.0

Fixed

20.0.13

Affected versions

v20.*

v20.0.0

v20.0.1

v20.0.2

v20.0.3

v20.0.4

v20.0.5

v20.0.6

v20.0.7

v20.0.8

v20.0.10

v20.0.11

v20.0.12